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PROXIMITY DETECTION FOR ACCESS CONTROL 


FIELD 

[0001] The invention relates to electronic systems such as computer systems. More 
specifically, the invention relates to use of proximity detection for access control 
purposes. 

BACKGROUND 

[0002] Most electronic devices, for example, computer systems and copying 
machines, enter a low power state when not used for a predetermined period of time. The 
devices may be unused because a user is occupied by another activity, for example, a 
telephone conversation, or the device may be unused because the user as moved to a 
location away from the device. It is common for a user in a workplace environment to 
leave his/her computer and proceed to a location away from his/her computer, for 
example, to attend a meeting. 

[0003] When the user leaves his/her computer system there is generally a period of 
time during which the user's computer is accessible by unauthorized users unless the user 
specifically shuts down the computer or activates a password-protected screen saver or 
other security application. Thus, during this period of time the user's computer is 
unsecured. Most screen saver applications that provide password protection are activated 
after a predetermined period of inactivity. Because a user can be engaged in using a 
computer system without interacting with the computer system for short periods of time, 
these screen saver applications may activate and require interaction by the user in order to 
resume normal operation. This can be frustrating to a user because the use may be 
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reading text on a screen when the screen saver or security application locks the computer 
system. Thus, current commonly used security measures require positive action by a user 
to engage or disengage in order to avoid periods during which the device is unsecured. 
This results in a less than optimal use of security measures. 
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BRIEF DESCRIPTION OF THE DRAWINGS 

The invention is illustrated by way of example, and not by way of limitation, in 
the figures of the accompanying drawings in which like reference numerals refer to 
similar elements. 

Figure 1 is one embodiment of an electronic system. 

Figure 2 is a block diagram of a first embodiment of an electronic system and an 
active identifier. 

Figure 3 is a block diagram of one embodiment of an electronic system and a 
passive identifier. 

Figure 4 is a block diagram of a second embodiment of an electronic system and 
an active identifier. 


042390.P 12239 


-3- 


Express Mail No. EL625195573US 


DETAILED DESCRIPTION 

[0004] Techniques for providing access control to electronic systems based on 
proximity detection are described. In the following description, for purposes of 
explanation, numerous specific details are set forth in order to provide a thorough 
understanding of the invention. It will be apparent, however, to one skilled in the art that 
the invention can be practiced without these specific details. In other instances, 
structures and devices are shown in block diagram form in order to avoid obscuring the 
invention. 

[0005] Reference in the specification to "one embodiment" or "an embodiment" 
means that a particular feature, structure, or characteristic described in connection with 
the embodiment is included in at least one embodiment of the invention. The 
appearances of the phrase "in one embodiment" in various places in the specification are 
not necessarily all referring to the same embodiment. 

[0006] Techniques for providing access control to electronic systems based on 
proximity detection are described. An authorized user of an electronic system is provided 
an identifier (e.g., identification badge, key fob, magnetic card, belt buckle, watch) that is 
associated with the user's person. The identifier provides the ability for an electronic 
device to determine whether the identifier is within a predetermined region with respect 
to the electronic device. The identifier can be, for example, a transmitter and/or receiver 
that transmits and/or receives wireless signals (e.g., radio frequency signals, infrared 
signals, light signals). The identifier can also reflect signals to the electronic device. By 
associating the identifier with the user's person such that the identifier provides an 
indication of the associated user's location, the electronic device can determine whether 
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the user is within the predetermined region. If the user is within the predetermined 
region, the electronic device can take certain actions, for example, shut down, boot up, 
change to a secure state. 

[0007] Figure 1 is a block diagram of one embodiment of an electronic system. The 
electronic system illustrated in Figure 1 is intended to represent a range of electronic 
systems, for example, a computer system, a kiosk, a set-top box, a teller machine, a cash 
register, control equipment, or any other device. Alternative computer systems can include 
more, fewer and/or different components. 

[0008] Electronic system 100 includes bus 101 or other communication device to 
communicate information, and processor 102 coupled to bus 101 to process information. 
While electronic system 100 is illustrated with a single processor, electronic system 100 
can include multiple processors and/or co-processors. Electronic system 100 further 
includes random access memory (RAM) or other dynamic storage device 104 (referred to 
as memory), coupled to bus 101 to store information and instructions to be executed by 
processor 102. Memory 104 also can be used to store temporary variables or other 
intermediate information during execution of instructions by processor 102. 
[0009] Electronic system 100 also includes read only memory (ROM) and/or other 
static storage device 106 coupled to bus 101 to store static information and instructions for 
processor 102. Data storage device 107 is coupled to bus 101 to store information and 
instructions. Data storage device 107 such as a magnetic disk or optical disc and 
corresponding drive can be coupled to electronic system 100. 

[0010] Electronic system 100 can also be coupled via bus 101 to display device 121, 
such as a cathode ray tube (CRT) or liquid crystal display (LCD), to display information to 
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a computer user. Alphanumeric input device 122, including alphanumeric and other keys, 
is typically coupled to bus 101 to communicate information and command selections to 
processor 102. Another type of user input device is cursor control 123, such as a mouse, a 
trackball, or cursor direction keys to communicate direction information and command 
selections to processor 102 and to control cursor movement on display 121, Electronic 
system 100 further includes network interface 130 to provide access to a network, such as a 
local area network. 

[0011] In one embodiment, wireless communications interface 170 is coupled to bus 
101 and provides wireless communications capabilities to electronic system 100. Wireless 
communications interface 170 can include any combination of one or more transmitters, 
one or more receivers and one or more transceivers. Wireless communications interface 
170 can also include relevant support components for the transmitters, receivers and/or 
transceivers, for example, antennae. 

[0012] Instructions are provided to memory from a storage device, such as magnetic 
disk, a read-only memory (ROM) integrated circuit, CD-ROM, DVD, via a remote 
connection (e.g., over a network via network interface 130) that is either wired or 
wireless, etc. In alternative embodiments, hard-wired circuitry can be used in place of or 
in combination with software instructions to implement the present invention. Thus, the 
present invention is not limited to any specific combination of hardware circuitry and 
software instructions. 

[0013] A machine-accessible medium includes any mechanism that provides (i.e., 
stores and/or transmits) information in a form readable by a machine (e.g., a computer). 
For example, a machine-accessible medium includes read only memory (ROM); random 
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access memory (RAM); magnetic disk storage media; optical storage media; flash 
memory devices; electrical, optical, acoustical or other form of propagated signals (e.g., 
carrier waves, infrared signals, digital signals); etc. 

[0014] In one embodiment, memory 104 includes one or more of: operating system 
150, application(s) 152, control agent 154, distance determination agent 156, and wireless 
communication agent 158. Operating system (OS) 150 controls the flow of instructions 
to processor 102. In one embodiment, OS 150 is the highest layer of control of electronic 
system 100. Memory 104 can also store one or more applications 152, which can be any 
type of applications and are not required to provide proximity-based access control. 
[0015] Wireless communication agent 158 provides an interface between OS 150 or 
one of applications 152 and wireless communications interface 170. In one embodiment, 
wireless communication agent 158 sends signals to wireless communications interface 
170 to cause wireless communications interface 170 to transmit messages according to a 
protocol selected by wireless communications agent 158. Wireless communications 
agent 158 can also process signals received via wireless communications interface 170. 
For example, wireless communications agent 158 can cause processor 102 to process 
messages received via wireless communications interface 170. Wireless communication 
agent 158 is illustrated as being stored in memory 104; however, wireless communication 
agent 158 can be implemented as any combination of hardware and software. 
[0016] Control agent 154 communicates with wireless communication agent 158 in 
response to messages transmitted and/or received by wireless communication agent 158. 
In one embodiment, control agent 154 includes sequences of instructions stored in 
memory 104 and executed by processor 102 and/or other components. Control agent 154 
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interprets the messages received and/or transmitted by wireless communication agent 
158. While described as being implemented by sequences of instructions, control agent 
154 can be implemented as any combination of hardware and software. 
[0017] Distance determination agent 156 operates with control agent 154 and/or 
wireless communication agent 158 to determine whether an identifier (or other 
predetermined device) is located within a predetermined proximity with respect to 
electronic system 100. Assuming a Bluetooth protocol is used by wireless 
communication agent 158, any receipt of a message from an identifier can be used to 
indicate that the identifier is within the predetermined proximity. Because Bluetooth is a 
low power communications protocol, messages are received by electronic system 100 
only when the identifier is within a close proximity of electronic system 100. 
[0018] If a higher power protocol is used, for example, HomeRF, which can be used 
to communicate messages over a much larger distance than Bluetooth, distance 
determination agent 156 is used to determine the distance between electronic system 100 
and the identifier. This can be accomplished by, for example, monitoring the time 
between transmission of a message from electronic system 100 and receipt of a response 
or reflected signal from the identifier. In alternate embodiments, other techniques, for 
example, Global Positioning Satellite signals, triangulation, or infrared signaling, can be 
used to determine the distance between electronic system 100 and the identifier. 
[0019] Figure 2 is a block diagram of a first embodiment of an electronic system and 
an active identifier. In the embodiment of Figure 2, electronic system 200 is intended to 
represent a broad class of electronic systems including, but not limited to, computer 
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systems, set top boxes, kiosks, network access devices, automated teller machines 
(ATMs), security devices and biometric devices. 

[0020] Electronic system 200 includes receiver 210 coupled to control circuit 220. 
Receiver 210 receives wireless signals from transmitter 260 that is included in identifier 
250. Identifier 250 represents a device that provides an identification of a user to which 
the identifier is assigned. In one embodiment, identifier 250 is attached to the user such 
that the identifier can indicate the location of the user. In one embodiment, identifier 250 
is badge that is worn by the user. In alternate embodiments, identifier 250 can be a key 
fob carried by the user, a watch worn by the user, or any other item that the user can carry 
with them. 

[0021] Identifier 250 includes transmitter 260 that transmits a signal to provide 
identification information related to identifier 250 and therefore, the associated user. The 
identification information can be, for example, an employee number, a user name, a 
personal identification number (PIN), a user number, a group number, a group name, a 
position identifier (System Administrator), or any other identification information. 
Transmitter 260 can transmit signals according to any wireless technique (e.g., infrared, 
radio frequency) and using protocol (e.g., Bluetooth, IEEE 802.1 lb, Digital Enhanced 
Cordless Telecommunications (DECT)) known in the art. 

[0022] Bluetooth is described in greater detail in "Specification of The Bluetooth 
System" v. 1.0b published December 1, 1999. IEEE 802.11b is described in greater 
detail in "Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) 
Specifications: Higher Speed Physical Layer (PHY) Extension in the 2.4 GHz band," 
published by Institute of Electrical and Electronics Engineers (IEEE), 1999. DECT is 
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described in greater detail in "Radio and Equipment System (RES); Digital European 
Cordless Telecommunications (DECT)" available from the DECT Forum of Berne, 
Switzerland, 1998. 

[0023] In one embodiment, transmitter 260 periodically transmits a signal including 
the identification information, or some other indication that the user is within a 
predetermined proximity of electronic system 200. For example, if transmitter 260 
transmits messages according to the Bluetooth standard, if receiver 210 receives a 
message from transmitter 260 identifier 250 can be considered within the predetermined 
proximity because Bluetooth provides low power transmissions. 
[0024] In one embodiment, if receiver 210 does not receive a message from 
transmitter 260 within a predetermined period of time of a previous message, receiver 
210 generates a signal to control circuit 220 indicating that identifier 250 is not within the 
predetermined proximity of electronic system 200. Control circuit 220 can interoperate 
with control agent 154 or control circuit 220 can provide sufficient functionality that 
control agent 154 is not necessary. 

[0025] When control circuit 220 receives the signal form receiver 210 that identifier 
250 is not within the predetermined proximity of electronic device 200, control system 
causes electronic system 200 to change states. For example, control circuit 220 can cause 
electronic device 200 to enter a low power state, to enter a secure state in which access is 
denied to unauthorized users, to enter a low power state in which access is denied to 
unauthorized users, or to shut down. 

[0026] In one embodiment, if electronic system 200 is in a low power state, in a 
secure state or shut down and receiver 210 receives a signal from transmitter 260 
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indicating that identifier 250 is within the predetermined proximity, control circuit 220 
can cause electronic system 200 to exit the low power state, exit the secure state, or boot 
up. Thus, control circuit 220 can cause electronic system 200 to enter an operating mode 
without requiring interaction from the user. 

[0027] Figure 3 is a block diagram of one embodiment of an electronic system and a 
passive identifier. As with electronic system 200 in Figure 2, in the embodiment of 
Figure 3, electronic system 300 is intended to represent a broad class of electronic 
systems. Electronic system 300 includes transmitter 310 and receiver 330 coupled to 
control circuit 340. Receiver 310 receives wireless signals from reflector 360 that is 
included in identifier 350. 

[0028] Electronic system 300 includes transmitter 3 1 0 that transmits a signal to 
identifier 350. As described above, transmitter 310 can transmit signals according to any 
wireless technique and using protocol known in the art. If the identifier is within the 
predetermined proximity, the signal is reflected by reflector 360, which provides a 
uniquely modified reflected signal. The uniquely modified signal identifies identifier 
350, and therefore, the associated user. 

[0029] In one embodiment, transmitter 3 1 0 periodically transmits a signal. If the 
signal is uniquely modified and reflected by reflector 360, receiver 330 receives the 
reflected signal from reflector 360 and electronic system 300 remains in a normal 
operating state. 

[0030] In one embodiment, if receiver 330 does not receive a message from 
transmitter 310 that has been modified by reflector 360 within a predetermined period of 
time of a previous message, receiver 330 generates a signal to control circuit 340 
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indicating that identifier 350 is not within the predetermined proximity of electronic 
system 300. 

[0031] When control circuit 340 receives the signal form receiver 330 that identifier 
350 is not within the predetermined proximity of electronic device 300, control system 
causes electronic system 300 to change states. For example, control circuit 340 can cause 
electronic device 300 to enter a low power state, to enter a secure state in which access is 
denied to unauthorized users, or to shut down. 

[0032] In one embodiment, if electronic system 300 is in a low power state, in a 
secure state or shut down and receiver 330 receives a signal from transmitter 310 that has 
been modified and reflected by reflector 360 indicating that identifier 350 is within the 
predetermined proximity, control circuit 340 can cause electronic system 300 to exit the 
low power state, exit the secure state, or boot up. Thus, control circuit 340 can cause 
electronic system 300 to enter an operating mode without requiring interaction from the 
user. 

[0033] Figure 4 is a block diagram of a second embodiment of an electronic system 
and an active identifier. Electronic system 400 includes transmitter 410 and receiver 420 
coupled to control circuit 430. Receiver 420 receives wireless signals from transceiver 
460 that is included in identifier 450. 

[0034] Transmitter 410 can transmit signals according to any wireless technique and 
using protocol known in the art. The signal is reflected by transceiver 460, which 
provides a response message in response to the message received from transmitter 410. 
The response message identifies identifier 450, and therefore, the associated user. 


042390.P12239 


-12- 


Express Mail No. EL625195573US 


[0035] In one embodiment, transmitter 410 periodically transmits a signal. If 
receiver 420 receives the response message from transceiver 460, control circuit 430 
causes electronic system 400 to remain in a normal operating mode. 
[0036] In one embodiment, if receiver 420 does not receive a message from 
transceiver 460 within a predetermined period of time of a previous message, receiver 
420 generates a signal to control circuit 430 indicating that identifier 450 is not within the 
predetermined proximity of electronic system 400. 

[0037] When control circuit 430 receives the signal form receiver 420 that identifier 
450 is not within the predetermined proximity of electronic device 400, control circuit 
430 causes electronic system 400 to change states. For example, control circuit 430 can 
cause electronic device 400 to enter a low power state, to enter a secure state in which 
access is denied to unauthorized users, or to shut down. 

[0038] In one embodiment, if electronic system 400 is in a low power state, in a 
secure state or shut down and receiver 420 receives a signal from transceiver 460 that 
indicating that identifier 450 is within the predetermined proximity, control circuit 430 
can cause electronic system 400 to exit the low power state, exit the secure state, or boot 
up. Thus, control circuit 430 can cause electronic system 400 to enter an operating mode 
without requiring interaction from the user, 

[0039] In the foregoing specification, the invention has been described with 
reference to specific embodiments thereof. It will, however, be evident that various 
modifications and changes can be made thereto without departing from the broader spirit 
and scope of the invention. The specification and drawings are, accordingly, to be 
regarded in an illustrative rather than a restrictive sense. 


042390.P12239 


-13- 


Express Mail No. EL625195573US 


